Cyber Security

Integration of information technology (IT) and telecommunications infrastructures into the traditional electric power system have transformed the historical electricity network into a smarter electricity grid that enables real-time sensing, measurement, control, and two-way energy and information flow among various devices. As cyber infrastructure has become a critical component to the energy sector infrastructure, management and protections of cyber systems and IT components at all levels are required to prevent access to unauthorized functions, especially as they relate to grid operations. Cyber infrastructure and cyber security are terms defined by the National Infrastructure Protection Plan (NIPP) as:

Cyber Infrastructure: Includes electronic information and communications systems and services and the information contained in these systems and services. Information and communications systems and services are composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements. Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic, and all other media types. Communications include sharing and distribution of information. For example: computer systems; control systems (e.g., SCADA); networks, such as the Internet; and cyber services (e.g., managed security services) are part of cyber infrastructure.

Cyber Security: The protection required to ensure confidentiality, integrity and availability of the electronic information communication system. With the adoption and implementation of the Smart Grid, the IT and telecommunication sectors will be more directly involved. These sectors have existing cyber security standards to address vulnerabilities and assessment programs to identify known vulnerabilities in these systems. These same vulnerabilities need to be assessed in the context of the Smart Grid. In addition, the Smart Grid has additional vulnerabilities due to its complexity, large number of stakeholders, and highly time-sensitive operational requirements.